New threats, regulatory woes to cause '04 security headaches

SearchSecurity.com | New threats, regulatory woes to cause '04 security headaches:

By Edward Hurley

Experts predict many of next year's security issues will grow from seeds sown in 2003.

Regulatory compliance will likely be the main driver for infosecurity spending and implementation. While most companies have a pretty good handle on the Health Insurance Portability and Accountability Act (HIPAA), a couple of new regulations entered the fray that companies will address this year. California passed the Security Breach Notification Act (SB 1386), which requires that companies disclose security breaches that may have compromised specific personal information on California residents.

But many observers say that the Sarbanes-Oxley Act will be the law that really drives infosecurity. Passed in response to the corporate governance scandals of 2002, the law doesn't directly address security. However, it mandates that the CEO and CFO sign off on the integrity of a company's financials (including internal controls), forcing upper-level management to take a personal interest in security.

Michael Rasmussen, director of information security at Forrester Research, predicts a similar law will be passed this year mandating upper-level management sign off on their company's information security plans."